1. Processing of personal data
As part of its personal data processing operations, the CONSEJO REGULADOR D.O.Ca RIOJA [Control Board of the Rioja Qualified Designation of Origin] undertakes to comply with applicable regulations currently in force, not least Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation or GDPR) and Organic Act 3/2018, of 5 December, on Personal Data Protection and Guarantee of Digital Rights The purpose of these regulations is to guarantee and protect the public freedoms and fundamental rights of natural persons, as far as the processing of data is concerned.
The CONSEJO REGULADOR D.O.Ca RIOJA [Control Board of the Rioja Qualified Designation of Origin] may occasionally collect personal data via its website or other channels (e.g., social media platforms). In any event, the data shall be appropriate, relevant and not excessive in relation to the scope and specific, explicit and legitimate purposes for which they were obtained.
The user may choose whether or not to provide the data that may be required as part of a request for information or subscription or registration for any of the services offered by the CONSEJO REGULADOR D.O.Ca RIOJA [Control Board of the Rioja Qualified Designation of Origin] on this website or on any other platform.
You may contact the entity by calling 941.500.400, emailing firstname.lastname@example.org or writing to the postal address C/ Estambrera, 52, 26006 Logroño (La Rioja). The entity’s Data Protection Officer is Mr. José Luis Lapuente Sánchez, who is also the General Secretary. His e-mail address is email@example.com.
2. Quality and purpose
Any User who provides personal data is responsible for ensuring that the information is true. To this end, the User is responsible for the accuracy of all the data submitted and shall keep the submitted data up-to-date so that it reflects his/her actual situation. The User shall be liable for any false or inaccurate data provided and for any loss caused as a result for the CONSEJO REGULADOR D.O.Ca RIOJA [Control Board of the Rioja Qualified Designation of Origin].
The CONSEJO REGULADOR D.O.Ca RIOJA [Control Board of the Rioja Qualified Designation of Origin] shall process personal data for the purposes of providing the requested services and addressing any request, suggestion or query made by the data subject.
The corresponding data shall also be used to carry out statistical studies of Users with a view to enhancing the services offered and managing the website’s basic administrative tasks. Finally, data may be used to send information about this entity’s activities and promotional content about the wine characterised by Rioja qualified DO, by any means, electronic or otherwise, if the data collection form has this purpose and the data subject has given his/her express [Control Board of the Rioja Qualified Designation of Origin] The user may withdraw his/her consent at any time.
The data shall be processed on the legal basis of the data subject’s consent. Consent may be withdrawn at any time, although any data provided before the withdrawal of consent shall continue to be processed legitimately. Data are submitted on a voluntary basis. However, should a user choose to withhold them, the entity shall not be able to provide the requested services or address their request, suggestion or query. The disclosure of personal data to this end is therefore essential to ensuring that we are able to address requests submitted in this way.
Data shall be retained for the time it takes to provide the service or address and resolve a user’s request, query or claim. They shall subsequently be retained in the form of a record of communications, unless the user asks for them to be deleted.
Before a User submits third-party data, he/she is responsible for informing the third party of the provisions of Article 14 of the General Data Protection Regulation.
3. Security measures
For the purposes of guaranteeing the security and confidentiality of the personal data that it receives, the CONSEJO REGULADOR D.O.Ca RIOJA [Control Board of the Rioja Qualified Designation of Origin] has adopted the necessary technical and organisational security measures to prevent the alteration, loss and unauthorised processing of, or access to, these data. However, the user shall take into consideration that, due to the inherent features and global nature of the internet, the security measures are not foolproof.
4. Data subject’s rights
The data subject has the right to access, rectify or erase his/her data, to restrict and to object to their processing, and to transfer his/her data in the cases specified in the General Data Protection Regulation. In any situation where a user’s rights are deemed to have been violated, a complaint may be lodged with the Spanish Data Protection Agency.
With a view to guaranteeing compliance with data protection regulations, the CONSEJO REGULADOR D.O.Ca RIOJA [Control Board of the Rioja Qualified Designation of Origin] has sought the legal advice of a firm specialising in this field: Picón & Asociados Abogados.